AIToday

AI evaluation startup Braintrust confirms unauthorized access to AWS account containing customer API keys

Hacker NewsMay 7, 20261 min read
AI evaluation startup Braintrust confirms unauthorized access to AWS account containing customer API keys

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Braintrust discovered unauthorized access to one of its Amazon Web Services (AWS) cloud accounts that contained API keys used by customers to access cloud-based AI models. The company sent an email to customers Monday asking them to rotate their API keys and disclosed the incident on its website Tuesday.

  2. The compromised account held secrets that, if obtained by attackers, could allow them to log into customer systems appearing as legitimate users without breaking into target companies' systems directly. Braintrust said the incident has been contained and it has locked down the compromised account, audited and restricted access across related systems, and rotated internal secrets.

  3. Braintrust spokesperson Martin Bergman told TechCrunch the company sent the email 'out of an abundance of caution' and confirmed a security incident, but stated there is no evidence of a breach at this time. The company has communicated with one impacted customer and to date has not found evidence of broader exposure.

Discussion

No discussion yet for this article

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →